<?php
/*
+ --------------------------------------------------- +
|  Ineo Article Manager - Version 2.x
|  Copyright 2006-2007, Dan Cryer and William McGann
+ --------------------------------------------------- +

Ineo Article Manager is free software; you can redistribute it and/or modify
it under the terms of version 3 of the GNU General Public License as published by
the Free Software Foundation.

Ineo Article Manager is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
GNU General Public License for more details.

You should have received a copy of the GNU General Public License
along with Ineo; see the file License.txt.  If not, write to
the Free Software Foundation, 675 Mass Ave, Cambridge, MA 02139, USA.

*/

/**
* Ineo - Libraries - Permissions Handler
*
* @package		Ineo
* @subpackage   Libraries
* @author		Dan Cryer & William McGann
* @copyright	Dan Cryer & William McGann
* @version		1.1
*/

class ineo_lib_permissions
{
	/**
	* Set up variables:
	*/
	var $core        = null;
	var $ipsclass    = null;
	var $category    = 0;
	var $group       = 0;
	var $permissions = array();
	
	/**
	* Constructor:
	*/
	function ineo_lib_permissions( &$ineo )
	{
		$this->core        =& $ineo;
		$this->ipsclass    =& $ineo->ipsclass;
		$this->permissions =& $this->ipsclass->cache['ineo_permissions'];
		$this->group       =& $this->ipsclass->member['mgroup'];
	}
	
	/**
	* Check
	*
	* Checks permissions against default/group/category based permissions and returns a true/false.
	*/
	function check( $permission, $cat_id = null )
	{
		if( $cat_id === null )
		{
			$cat_id = $this->category;
		}
		
		// Load our permissions levels:
		$global =& $this->permissions['global'][0];
		$group  =& $this->permissions['global'][$this->group];
		
		if( $cat_id != 0 )
		{
			$category =& $this->permissions[$cat_id][$this->group];
		}
		
		if( $permission == 'view' )
		{
			// View is the only permission that overrides in reverse ( category -> group -> global )
			if( $global['view'] == 1 and $group['view'] != -1 )
			{				
				// global view is implicit on, group view is either on or not set.
				if( $category != 0 and $category['view'] != -1 )
				{					
					// we're checking a category, and category view is either on or not set
					// so we can return true:
					return true;
				}
				elseif( !$category )
				{					
					// we're not checking a category, so we can return true:
					return true;
				}
				elseif( $category and $category['view'] == -1 )
				{					
					// we are checking a category and category view is off
					return false;
				}
				else
				{
					print_r($category);
				}
			}
			else
			{
				// global view or group view are set to off, or global view is not yet set!
				return false;
			}
		}
		else
		{
			// All other permissions override as global -> group -> category
			if( $category != 0 and $category[$permission] == 1 )
			{
				// category checking is on, 
				// and the permission is on for this group at the category level:
				return true;
			}
			
			if( $group[$permission] == 1 )
			{
				// This permission is on at the group-global level:
				return true;
			}
			
			if( $group[$permission] == 0 and $global[$permission] == 1 )
			{
				// There is no group permission set for this group, and the global permission
				// is either not set, or set to off
				return true;
			}
			
			// if none of the tests have failed yet, return true:
			return false;
		}
	}
	
	/**
	* Global Check
	*
	* A general, global permission check.
	*/
	function global_check()
	{
		// set some vars:
		$offline_message  = trim($this->ipsclass->vars['ineo_offline_msg']);
		$can_view_offline = $this->ipsclass->member['g_access_offline'];

		// first, check that ineo is not offline:
		if( !empty($offline_message) and !$can_view_offline )
		{
			$this->ipsclass->load_language('lang_error');
			$this->out        = $this->core->templates['global']->offline($offline_message);
			$this->no_wrapper = true;
			$this->do_output();
			return false;
		}

		// global view check:
		if( !$this->check('view') )
		{
			$this->core->permission_error = 'ineo_permission_view';
			return false;
		}

		// Require Edit Permissions:
		$p_edit = array( 'category_manager' , 'edit' , 'edit_sub' , 'catman' );

		// Require Mod Permissions:
		$p_is_mod = array( 'revisions' , 'rev_del' , 'rev_restore' , 'delete', 'mq_list', 'mq_art_app',
		'mq_art_den', 'mq_con_app', 'mq_con_den' );

		// Requires Add Permissions:
		$p_add = array( 'new_art', 'create' , 'add' );

		// Requires an int ID:
		$p_id = array( 'cat' , 'article' , 'edit' , 'rev_list' , 'watch_add_art' , 'watch_add_cat' , 'watch_cat_delete' , 'watch_art_delete' , 'rev_view' , 'mq_con_app' ,'mq_con_den' , 'mq_art_app', 'mq_art_app' , 'art_print' );

		if( in_array( $this->core->action, $p_edit ) and $this->check('edit') )
		{
			$this->core->permission_error = 'ineo_permission_edit';
			return false;
		}

		if( in_array( $this->core->action, $p_is_mod ) and !$this->check('moderate') )
		{
			$this->core->permission_error = 'ineo_permission_moderate';
			return false;
		}

		if( in_array( $this->core->action, $p_add ) and !$this->check('add') )
		{
			$this->core->permission_error = 'ineo_permission_add';
			return false;
		}

		if( in_array( $op, $p_id ) and ( empty( $this->ipsclass->input['id'] ) or !is_numeric( $this->ipsclass->input['id'] ) ) )
		{
			$this->core->permission_error = 'ineo_require_id';
			return false;
		}
		elseif( !empty($this->ipsclass->input['id']) )
		{
			$this->ipsclass->input['id'] = intval( $this->ipsclass->input['id'] );
		}

		return true;
	}
	
	function error()
	{
		$this->core->out .= $this->core->templates['global']->no_access_error();
	}
	
	function check_with_error($permission, $cat_id = null)
	{
		if( !$this->check($permission,$cat_id) )
		{
			$this->error();
			return false;
		}
		else
		{
			return true;
		}
	}
}

?>